Methods and systems for improved risk scoring of vulnerabilities

A vulnerability and risk scoring technology applied in the field of computer security. It addresses problems such as nuanced organizational analysis under the CVSS having proved problematic and the CVSS not facilitating any sense of indirect impact or likelihood. A vulnerability can be any type of weakness, bug and/or glitch in the software and hardware of a computing system.

Active Publication Date: 2015-09-22
RAPID7

AI Technical Summary

Problems solved by technology

A vulnerability can be any type of weakness, bug, and/or glitch in the software and hardware of a computing system.
The CVSS does afford the ability to rank one vulnerability against another, but nuanced organizational analysis has proved problematic, partly due to the ordinal nature of the scoring system, and partly due to large gaps in the underlying metrics.
Nor does the CVSS facilitate any sense of indirect impact or likelihood involving integrated or adjacent organizations.
Most importantly, it does not account for numerous factors that increase or mitigate risk that must be taken into consideration to truly understand an organization's risk posture—factors that have proven to play a role just as strong as the base, environmental, and temporal vectors that comprise the CVSS.

Embodiment Construction

[0014] For simplicity and illustrative purposes, the principles of the present teachings are described by referring mainly to exemplary embodiments thereof. However, one of ordinary skill in the art would readily recognize that the same principles are equally applicable to, and can be implemented in, all types of information and systems, and that any such variations do not depart from the true spirit and scope of the present teachings. Moreover, in the following detailed description, references are made to the accompanying figures, which illustrate specific exemplary embodiments. Electrical, mechanical, logical and structural changes may be made to the exemplary embodiments without departing from the spirit and scope of the present teachings. The following detailed description is, therefore, not to be taken in a limiting sense and the scope of the present teachings is defined by the appended claims and their equivalents.

[0015] Embodiments of the present teachings relate to systems and...

Abstract

A security tool can identify vulnerabilities in a computing system and determine a risk level of the vulnerabilities based on base and optional CVSS vectors and additional factors that represent the evolving nature of vulnerabilities. Likewise, the security tool can determine an overall risk for vulnerabilities, an asset, and/or a collection of assets that encompasses a global view of an asset's risk and/or collection of assets' risk, business considerations of an entity that owns and controls the asset and/or the collection of assets, and the entity's associations.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS

[0001] This application claims priority to U.S. Provisional Patent Application Ser. No. 61/535,723 filed on Sep. 16, 2011, the disclosure of which is incorporated in its entirety by reference herein.

FIELD

[0002] Aspects of the disclosure relate generally to computer security.

DESCRIPTION OF THE RELATED ART

[0003] In today's distributed computing environments, security is of the utmost importance. Due to the rise of wide-area public networks, users have unlimited access to content, e.g. data, files, applications, programs, etc., from a variety of sources. Additionally, the users' connection to the public networks provides a window for malicious entities to attack the users' computing systems. Malicious entities utilize this ease of accessibility and anonymity to attack the users. For example, the malicious entities can plant viruses, Trojans, or other malicious agents in publicly available content in order to attack the users' computing systems and st...

Application Information

Patent Type & Authority: Patents (United States)
IPC: IPC(8): G06F21/57
CPC: G06F21/577, G06F21/57, H04L63/1433
Inventor: GIAKOUMINAKIS, ANASTASIOS; MALM, SHELDON E.; LODER, CHAD; LI, RICHARD D.
Owner: RAPID7